
Ransomware, Scams Tend to Increase During Holiday Periods
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an advisory to remind the public and organizations to be extra vigilant about cyberattacks during holiday periods.
Although there is currently no specific threat, the two federal agencies noted that cybercriminals typically ramp up attacks during times when staffing is low. During the holiday period from Thanksgiving to Christmas, online shopping increases while IT staffing decreases.
Common attack vectors include phishing scams, appeals from fraudulent charities, spoofed eCommerce sites, and unencrypted financial transactions.
“Specifically, malicious cyber actors have often taken advantage of holidays and weekends to disrupt critical networks and systems belonging to organizations, businesses, and critical infrastructures,” says the advisory from CISA.
Ransomware most frequently reported to the FBI in attacks over the last month:
- Conti
- PYSA
- LockBit
- RansomEXX/Defray777
- Zeppelin
- Crysis/Dharma/Phobos
Cybercriminals historically attack during holiday periods, when they believe IT staffing is at its lowest or staff are working remotely. On Mother’s Day weekend in May 2021, DarkSide ransomware was used to attack the US-based energy sector. The infamous Colonial Pipeline ransomware attack persisted for one week. Data was exfiltrated and used to demand a ransom payment.
In the same month, on Memorial Day weekend, the Australian Food and Agricultural sector was attacked with Sodinokibi/REvil ransomware. The incident impacted Australian meat production IT systems and shut down facilities.
In July 2021, during Independence Day weekend, Sodinokibi/REvil was again used to attack a U.S.-based critical infrastructure entity in the IT sector. The attack affected remote monitoring software and impacted hundreds of organizations.
Organizations Should
- Assign IT security employees to respond to security incidents or malware attacks during weekends and holidays
- Require multi-factor authentication (MFA) for remote access and administrative logins
- Require strong passwords and two-factor authentication (2FA)
- Secure and monitor remote desktop protocol (RDP)
- Educate employees about phishing scams
- Train employees not to click on links in emails and text messages
Users who cannot remember a strong and unique password for all online accounts can use a password manager to create and store passwords.
“CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat,” says the advisory.